Systems and methods for authentication of access based on multi-data source information

ABSTRACT

An authentication method includes receiving a single electronic file of member data elements from multiple member data sources. The method can include extracting the member data elements from the single electronic file, populating an authentication database with the member data elements, and periodically receiving an update of the member data elements. The update can be used to refresh the authentication database. The method can include receiving non-member data elements from multiple non-member data sources, and updating the authentication database with the non-member data elements. The method can further include receiving a request for authentication for one or more queried data elements corresponding to a supplied identification data element. The method can include determining an authentication response for each of the queried data elements based on the authentication database. The method can further include transmitting the authentication response for each of the queried data elements to the requesting system.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation-in-part of U.S. patent applicationSer. No. 10/773,642, filed on Feb. 6, 2004, and entitled “Account-ownerVerification Database,” the entire disclosure of which is herebyincorporated by reference, for all purposes, as if fully set forthherein.

BACKGROUND

Authentication is an integral part of various systems. Obtaining thedata necessary for the authentication can be challenging. For example,information may be authenticated based on information from multiple datasources. However, various data sources often include incompatibleformatting and encryption. For example, data obtained from files can beunstructured, data obtained from databases can be structured, but storedin fields or formats that are incompatible with each other, and datastored in any location can have varying security measures includingencryption, digital signing, and so forth.

With the increased fast access to information on the Internet, effortsto authenticate are needed in real time and with increased accuracy.Exchanges of information are often not face-to-face, makingauthentication even more critical. Real time, accurate authentication istherefore necessary to help mitigate fraud and other criminal behavior.

Existing authentication services are lacking because they do not providea robust authentication database. Rather, they are limited to one datasource, or do not include information that is not compatibly formattedor compatibly secured. Thus, it would be advantageous to developauthentication methods and systems with sufficient robustness to providereal time, accurate authentication services.

BRIEF SUMMARY

A system of one or more computers can be configured to performparticular operations or actions by virtue of having software, firmware,hardware, or a combination of them installed on the system that inoperation causes or cause the system to perform the actions. One or morecomputer programs can be configured to perform particular operations oractions by virtue of including instructions that, when executed by dataprocessing apparatus, cause the apparatus to perform the actions. Onegeneral aspect includes an authentication method, including, for each ofmultiple member data sources, receive a single electronic file of memberdata elements from the member data source. The authentication method canalso include extracting the member data elements from the singleelectronic file. The authentication method can also include identifyingan encryption format of the member data elements. The authenticationmethod can also include decrypting the member data elements based on theidentified encryption format. The authentication method can also includereformatting the member data elements to an authentication databaseformat. The authentication method can also include encrypting the memberdata elements with an authentication database encryption. Theauthentication method can also include populating an authenticationdatabase of the authentication system with the member data elements,where each of the member data elements from the single electronic filecorrespond to one of multiple data element fields in the authenticationdatabase. The authentication method can also include periodicallyreceiving, at the authentication system, an update of the member dataelements. The authentication method can also include refreshing theauthentication database of the authentication system with the update ofthe member data elements. The method can also include, for each ofmultiple non-member data sources, receiving non-member data elementsfrom the non-member data source. The authentication method can alsoinclude updating the authentication database of the authenticationsystem with the non-member data elements, where each of the non-memberdata elements correspond to one of the multiple data element fields inthe authentication database. The authentication method can also includereceiving a request for authentication of at least one queried dataelement corresponding to a supplied identification data element from arequesting system. The authentication method can also includedetermining, based on the authentication database, an authenticationresponse for each of the queried data elements. The authenticationmethod can also include transmitting the authentication response foreach of the queried data elements to the requesting system. Otherembodiments of this aspect include corresponding computer systems,apparatus, and computer programs recorded on one or more computerstorage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features.Optionally, the member data elements are linked to a plurality ofaccounts maintained at the member data source. Optionally, the memberdata source is required to provide a member data element for each of aspecified set of data element fields for each account. Optionally, thenon-member data elements include values obtained from a plurality ofcheck images corresponding to a plurality of checks. Optionally, theauthentication response for each of the queried data elements ispositive when the queried data element matches a data element valuestored in the data element field corresponding to the suppliedidentification data element, negative when the queried data element doesnot match the data element value stored in the data element fieldcorresponding to the supplied identification data element, and notavailable when the data element value is blank for the data elementfield corresponding to the supplied identification data element.Optionally, the authentication database is structured according to anidentification data element field. Optionally, the non-member dataelements are noted in the authentication database as from a non-memberdata source. Optionally, the non-member data elements include analyzedinformation from non-member data sources. Optionally, the authenticationresponse for one of the queried data elements is negative, and themethod can further include determining a supplying data source for thequeried data element. The authentication method can also includegenerating a notification that the authentication response for thequeried data element is negative, and transmitting the notification tothe supplying data source. Optionally, the authentication response foreach of the queried data elements is provided to the requesting systemin real time. Implementations of the described techniques may includehardware, a method or process, or computer software on acomputer-accessible medium.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description ofthe invention, will be better understood when read in conjunction withthe appended drawings. For the purpose of illustrating the invention,there are shown in the drawings embodiments which are presentlypreferred. It should be understood, however, that the invention is notlimited to the precise arrangements and instrumentalities shown.

FIG. 1 is a block diagram showing an authentication database and variousdata sources according to an embodiment.

FIG. 2 is a flow diagram showing an example of populating anauthentication database according to an embodiment.

FIG. 3 is a table showing an example of an inquiry to the authenticationdatabase according to an embodiment.

FIG. 4 illustrates an exemplary block diagram of a system for receiving,formatting, and populating an authentication database.

FIG. 5 illustrates exemplary file types into which transit item andincoming return data is reformatted.

FIG. 6 illustrates a block diagram of a computer system according to anembodiment.

DETAILED DESCRIPTION OF THE INVENTION

To overcome the above described deficiencies, the description hereinprovides a solution in the way of systems and methods that facilitatecapturing information from disparate data sources, formatting the datato be compatible for use in an authentication database, conformencryption and other security for use in the authentication database,and generate the authentication database that can be used to providereal time accurate authentication services to users.

The data extraction and formatting described herein can allow a new datasource to be added to the system automatically by scanning the data,identifying the format, and modelling the data to the new format usingmodels that can be generated using any suitable method including, forexample, machine learning. The data can further be filtered before orafter reformatting to ensure compatibility with the authenticationdatabase. For example, excess data fields can be discarded or filteredout.

Optionally, the authentication database can use machine learning toincrease the available information through the filtering process. Forexample, the authentication system can identify filtered data as a datatype and, if the data type is received for various data entries athreshold number of times in a certain period of time, theauthentication system can determine that the filtered data type may beuseful information. The authentication system can expand theauthentication database to utilize the additional data type by, forexample, automatically adding an additional data element field andstoring the data that corresponds to the additional data element fieldupon receipt from the various data sources.

Referring to FIGS. 1-3, an authentication database, generally designated10, and a method of populating such database in accordance with thepresent invention is shown. The database 10 provides authentication ofspecific information upon inquiry and is designed to be contributed toand updated on a regular basis.

The database 10 is populated by collecting member data elements 16 fromvarious contributing or member data sources 12. The member data sources12 can be any suitable data source which have agreed to continually andautomatically provide current, accurate information related toidentifier 14, in a predetermined quantity and format, to the database10 with which to populate the database 10. The member data sources 12can be operated or managed by any agencies, entities, or data sourceswhich have the ability to provide accurate data on a regular basis.

The member elements 16 provided by the member data sources 12 includeinformation which corresponds to the individual identifier 14 heldand/or maintained by that member data source 12. A data element 16 isthus a piece of information associated with an individual identifier 14and which helps identify the owner of that identifier and/or anotherdata element of that individual identifier 14. Generally, a member dataelement 16 for an identifier may be any categorized informationassociated with a particular identifier. For example, possiblecategories of data elements include names, addresses, dates of birth,identification/drivers' license numbers, social security numbers, taxi.d. numbers, account type, channel origination and other type of dataassociated with the identifier.

The authentication database 10 is populated in part by extracting andcollecting data elements 16 associated with one or more individualidentifier 14 from one or more member data sources 12. The data elements16 from a single member data source 12 may be related to one or moreindividual identifier 14. That is, a member data source 12 may populatethe database 10 with data elements 16 from a single identifier or withdata elements 16 from multiple identifiers. The various types ofidentifiers are discussed in more detail in U.S. patent application Ser.No. 10/773,642 entitled “Account-owner Verification Database” and filedon Feb. 6, 2004, the entire contents of which is hereby incorporated byreference herein for all purposes.

The authentication database 10 according to the present invention alsocollects and stores non-member data elements 36 corresponding tonon-member identifiers 34 held by non-member data sources 32. Anon-member data source 32 is an entity capable of supplying information,but which is not capable of nor obligated to provide the information tothe authentication database 10 on a regular and/or automatic basis.Additionally, the information provided by a non-member data source 32need not be accurate. For example, non-member data sources 32 may haveaccess to identifier information which is obtained from negative (asopposed to positive) populated databases, thereby containing informationwhich, for example, may be triggered by only “bad events” or which isotherwise less than current. Therefore, non-member data elements 36 maybe collected from a variety of sources and are not necessarily accurateor current.

One example of a non-member data source 32 is a social media service.Using such a system, non-member data elements 36 may be obtained byextracting identifier information from the social media accounts. Othernon-member data sources 32, and therefore sources of non-member dataelements 36, include, for example, Internet account openings, televisionservices, video services, and other similar services. Each of theseservices contains at least non-member data elements 36 which, ifcollected and stored in the database 10, adds to the robustness of thedatabase 10. For example, non-member data elements 36 may be obtained inthe form of social media user accounts.

Additionally, in place of or in addition to non-member data elements 36comprising raw account information gathered from non-member data sources32, the database 10 may also be populated with non-member data elements36 which are based on statistically accurate or analyzed informationfrom non-member data sources 32, thereby adding an additional level ofaccuracy to the non-member data elements stored in the database 10. Themember data elements 16 need not be exclusively obtained through theautomatic population scheme discussed above, but may also be obtainedfrom the sources noted here for obtaining non-member data elements 36.Furthermore, a non-member data source 32 may transition to become amember data source 12, assuming that all of the necessary accuracy andupdating requirements are satisfied.

The authentication database 10 preferably includes a plurality of dataelement fields 20. In the preferred embodiment, the available dataelement fields include: identification number, sub-identificationnumber, names, addresses, dates of birth, identification/drivers'license numbers, social security numbers, tax i.d. numbers, accounttype, channel origination, and other various data associated withaccounts. Each of the data element fields 20 preferably contains acorresponding member or non-member data element 16, 36 obtained from amember or non-member data source 12, 32, respectively, as discussedabove. Thus, for example, a data element (e.g., account information)which is denoted as “driver's license number” obtained from a member ornon-member institution 12, 32 would be stored in the database 10 in thedata element field 20 labeled “driver's license number”.

For each new or updated account from a member data source 12, the memberdata source 12 is required to provide sufficient member data elements 16to fill a minimum set of data element fields 20. In the preferredembodiment, the minimum required data element fields 20 can include:identification number, sub-identification number, one name, one addressand one social security or tax i.d. number. Other member data elements16 sufficient to populate less vital data element fields 20 may also besent by the member data source 12.

The minimum set of data element fields supplied by a member data source12 need not be the specific fields noted above, but rather may beadjusted according to the particular authentication application.Additionally, since non-member data sources 32 may not have a wide arrayof account information, not all of the available data element fields 20in the authentication database 10 which are populated with member dataelements 16 are collectable for identifiers related to non-member datasources 32. For example non-member data elements 36 provided throughnon-member data sources 32 such as social media services may not havesufficient information to populate all of the available data elementfields 20 (and perhaps even the minimum set of data element fields) inthe authentication database 10. Accordingly, the database 10 may notinclude a full complement of non-member data elements 36 for a givenidentifier 22. Additionally, since the non-member data elements 36 areoften not as reliable nor complete as member data elements 16, anidentifier 22 which includes data element fields 20 which are populatedwith non-member data elements 36, are noted in the database 10 ascontaining data elements from non-member data sources 32.

Since a primary goal of the authentication database 10 is to determineif a person is authenticated to access an account associated with anidentifier, the database 10 is preferably structured such that the dataelement fields 20 are arranged in the database 10 according tocorresponding identification number 22. Since multiple member and/ornon-member data sources 12, 32 may have the same identifier 22, theindividual identifiers 22 are preferably arranged within the database 10according to sub identifiers 24.

However, the database 10 may be structured or organized according toother schemes without departing from the spirit and scope of the presentinvention, so long as the individual data element fields 20 aresearchable to find the relevant data elements 16, 36 to helpauthenticate access to an account based on an identifier.

Preferably, the database 10 is initially populated by the member datasources 12 with a single file including all of the required member dataelements 16 for all of the identifiers in the member data source 12.However, once the database 10 has been initially populated, the memberdata elements 16 in the database are preferably updated with newinformation associated with identifier(s) at the member data source 12based on newly opened and/or recently maintained or modified accounts.More specifically, the database 10 is refreshed or updated with memberdata elements 16 associated with accounts at member data sources 12which have been recently opened, closed, changed in status or which haveincurred changes to one or more of their own data elements. Preferably,the collected data elements in the database 10 are stored and updated atregular intervals. Such automatic and continuous updating of thedatabase 10 provides an inquirer with a very robust authentication tool.The database is also preferably updated in less frequent intervals withnew and/or updated non-member data elements 36 obtained from non-memberdata sources 32.

The population and inquiry of the authentication database 10 will beexplained through the following example, in conjunction with FIGS. 2 and3. As shown in FIG. 2, the sample populated authentication database 10contains five different identifier entries.

Non-member data elements 36 for identifiers 789 and 432 were obtainedfrom a non-member data source 32, as denoted in the last data elementfield 20. Thus, not all of the required data element fields 20 for thoseentries are populated.

To submit an inquiry to the authentication database 10, an inquirermust, at the very least, provide an identifier 22 and at least one otherdata element (purportedly corresponding to that identifier) forverification. In cases where the database 10 is also organized accordingto sub-identification, the inquirer should also provide the Sub-ID 24which corresponds to the designated identifier 22. The inquirer mayenter an identifier and multiple data elements to be verified at once.Assuming that the requested identifier is in the database 10, theentered data elements are queried against the information stored in thecorresponding data element field(s) 20 associated with the enteredidentifier 22. The database 10 returns a verification of each individualsubmitted data element corresponding to that identifier. For each dataelement in an inquiry, a response of “yes,” “no” or “information notavailable” is returned to the inquirer, respectively. A positive, or“yes” response is received if the entered data element matches thecontent of the corresponding data element field 20 in the database 10for the entered identifier. Similarly, a negative, or “no” response isreturned to the inquirer if the entered data element does not match thecontent of the corresponding data element field 20 in the database 10for the entered identifier. An “information not available” response isreceived if the data element field 20 in the database 10 correspondingto the entered data element is empty. The complete response received bythe inquirer may contain one or more of each of the possible responses.That is, the database 10 responds according to each individual entereddata element, respectively. Thus, to obtain a “positive” response, it isnot required that all of the entered data elements match the contents oftheir corresponding data element fields for the entered identifier.

Preferably, no customer-specific data is provided back to the inquirer.Rather, the database only confirms or denies the accuracy of theinformation as entered into the data element field which corresponds tothe entered identifier. An example (based on the database 10 of FIG. 2)of an inquiry and response corresponding to that inquiry according tothe present invention is shown in FIG. 3.

Additionally, if an inquiry regarding a particular identifier results ina “NO” response on at least one data element in an inquiry, the databasereports to the member data source 12 for that identifier that there wasan inquiry against one of their identifiers/accounts which resulted in anegative response, along with the data element(s) that produced thatnegative response. In the example of FIG. 3, a report to Entity A wouldbe generated that an inquiry was made against identifier #456 whichproduced a negative response for identified SS#.

The database 10 provides inquiry capabilities allowing inquirers tovalidate information about an identifier holder, in addition to theidentifier's current status. The inquiry submitted to the database 10may be made on-line, in real time or in a batch-process. Thus, theinquirer could be a major entity or a small business. The authenticationdatabase 10 is particularly advantageous for “faceless” exchanges wherethe identity of the identifier holder cannot be verified. Additionally,an inquirer can determine the status and relevant identifier holderinformation about an identifier in real time, such that businessexchanges are not delayed, while still ensuring authenticity.

The authentication database 10 is positively, or actively, populatedusing information that is collected from actual member data sources 12based on current information. This is an advantage over existing similardatabases and authentication systems which utilize negative, or passive,data based on information which is retained based on accounts which areknown to be faulty, fraudulent or otherwise troublesome. Negativelypopulated databases generally contain information for which there hasbeen a recorded or reported problem. Since the database 10 according tothe present invention utilizes a positively populated database wheredata elements are obtained from member data sources 12, the status andvalidation of member data elements which are returned to the inquirerare both current and timely, as opposed to being based simply onnegative databases which are not populated in a standardized manner.Furthermore, since the database 10 also integrates information fromnon-member data sources 32, the database 10 according to the presentinvention includes an added level of robustness, thereby providingadditional authentication accuracy to an inquirer.

FIG. 4 illustrates a system for reformatting data from multiple datasources, wherein the received files can be image data files 1310 andnon-image data files 1320. The image data files 1310 will typically besent as files from standard data sourcing image systems, e.g., formattedin accordance with industry standards. The data files 1320 have relevantdata to an identifier, but the formatting of that data may be variabledepending on the data source that is sending it. The reformatting system1330 can extract the data, identify a type of encryption, decrypt thedata based on the identified encryption, reformat the data to becompatible with authentication database 10, encrypt the data to becompatible with authentication database 10, and filter any unnecessarydata that does not correspond to a data element field in theauthentication database.

As seen in FIG. 4, a reformatting system 1330 is maintained at theentity receiving the files, and reformats the incoming data into fourdifferent file types 1332, 1334, 1336 and 1338. The master account file(MAF) 1332 has data pertaining to the account that is involved with eachtransit item and incoming return, the transit item file (TIF) 1334 hasdata relevant only to transit items, the return item file 1336 has datarelevant only to return items, and the item contribution file (ICF) 1338has data relevant to both transit items and return items. Separating thedata and reformatting it as shown permits the various data files to bestored and processed compatibly in authentication database 10. Whenneeded to be tied together (e.g., specific account information from anMAF file needs to be pulled in order to consider a risk associated witha transit item), file IDs resident at each the different file types maybe used to locate the relevant file record.

FIG. 5 illustrates the four different file types MAF, TIF, RIF and ICF.For ease of description, the most relevant data fields in the header andrecord detail for each file type is shown (e.g., control bits in theheader are omitted). Thus, the master account (MAF) file 1332 includesfields having a file date, a file ID, and a data source ID in theheader, and having a data Sub identifier, account number, account typean account status associated with a specific account in the recorddetail. The transit item (TIF) file 1334 includes fields having a filedate and file ID in the header, and a Sub ID, an account number, a checkstatus, and a an amount in the record detail. The return item (RIF) file1336 includes fields having a file date and file ID in the header, and aSub ID, an account number, a check Status, an amount, and a returnreason (code) in the record detail fields. Thus when accessing thevarious files, the identifiers and sub identifiers can be used to verifyvarious details about the given account.

A primary benefit of the above described authentication database andassociated population and inquiry schemes is that inquirers maydetermine authentication for access to the presented account oridentifier. Such a feature is particularly advantageous in nonface-to-face exchanges, such as telephone and Internet exchanges, toprovide a method to authenticate the other user in the exchange.

FIG. 6 is a block diagram illustrating an exemplary computer system uponwhich embodiments of the present invention may be implemented. Thisexample illustrates a computer system 200 such as may be used, in whole,in part, or with various modifications, to provide the functions of thecomputers that provide data to and populate the authentication database,as well as other components and functions of the invention describedherein.

The computer system 200 is shown comprising hardware elements that canbe electrically coupled or otherwise in communication via a bus 290. Thehardware elements can include one or more processors 210, including,without limitation, one or more general-purpose processors and/or one ormore special-purpose processors (such as digital signal processingchips, graphics acceleration chips, and/or the like); one or more inputdevices 220, which can include, without limitation, a mouse, a keyboardand/or the like; and one or more output devices 230, which can include,without limitation, a display device, a printer and/or the like.

The computer system 200 may further include one or more storage devices240, which can comprise, without limitation, local and/or networkaccessible storage or memory systems having computer or machine readablemedia. Common forms of physical and/or tangible computer readable mediainclude, as examples, a floppy disk, a flexible disk, hard disk,magnetic tape, or any other magnetic medium, an optical medium (such asCD-ROM), a random access memory (RAM), a read only memory (ROM) whichcan be programmable or flash-updateable or the like, and any othermemory chip, cartridge, or medium from which a computer can read data,instructions and/or code. In many embodiments, the computer system 200will further comprise a working memory 280, which could include (but isnot limited to) a RAM or ROM device, as described above.

The computer system 200 also may further include a communicationssubsystem 260, such as (without limitation) a modem, a network card(wireless or wired), an infra-red communication device, or a wirelesscommunication device and/or chipset, such as a Bluetooth® device, an802.11 device, a WiFi device, a near field communications (NFC) device,cellular communication facilities, etc. The communications subsystem 260may permit data to be exchanged with a network, and/or any other devicesdescribed herein. Transmission media used by communications subsystem260 (and the bus 290) may include copper wire, coaxial cables and fiberoptics. Hence, transmission media can also take the form of waves(including, without limitation radio, acoustic and/or light waves, suchas those generated during radio-wave and infra-red data communications).

The computer system 200 can also comprise software elements, illustratedwithin the working memory 280, including an operating system 284 and/orother code 288, such as one or more application programs 294, which maybe designed to implement, as an example, the processes involved in FIGS.1-5, and thus provide specially designed and programmed systems (ratherthan well-understood, routine and conventional activities and systems inthe prior art) for carrying out the unique elements of those processesand novel features described herein. The other code 288 can furtherinclude an application program interface (API) 292 for interfacing withapplications 294. Additionally, a browser 296 for accessing the Internetcan be included in other code 288. Optionally, computer system 200 caninclude a processing acceleration 270 that can cause the processors 210to accelerate and offer faster processing times.

As an example, one or more methods discussed earlier might beimplemented as code and/or instructions executable by a computer (and/ora processor within a computer). In some cases, a set of theseinstructions and/or code might be stored on a computer readable storagemedium that is part of the system 200, such as the storage device(s)240. In other embodiments, the storage medium might be separate from acomputer system (e.g., a removable medium, such as a compact disc,etc.), and/or provided in an installation package with theinstructions/code stored thereon. These instructions might take the formof code which is executable by the computer system 200 and/or might takethe form of source and/or installable code, which is compiled and/orinstalled on the computer system 200 (e.g., using any of a variety ofgenerally available compilers, installation programs,compression/decompression utilities, etc.). The communications subsystem260 (and/or components thereof) generally will receive the signals(and/or the data, instructions, etc., carried by the signals), and thebus 290 then might carry those signals to the working memory 280, fromwhich the processor(s) 210 retrieves and executes the instructions. Theinstructions received by the working memory 280 may optionally be storedon storage device 240 either before or after execution by theprocessor(s) 210.

Moreover, while the various flows and processes described herein (e.g.,those involved in FIGS. 1-5) are described in a particular order forease of description, unless the context dictates otherwise, variousprocedures may be reordered, added, and/or omitted in accordance withvarious embodiments of the invention. Moreover, the procedures describedwith respect to one method or process may be incorporated within otherdescribed methods or processes; likewise, system components describedaccording to a particular structural architecture and/or with respect toone system may be organized in alternative structural architecturesand/or incorporated within other described systems. Hence, while variousembodiments may be described with (or without) certain features for easeof description and to illustrate exemplary features, the variouscomponents and/or features described herein with respect to a particularembodiment can be substituted, added, and/or subtracted to provide otherembodiments, unless the context dictates otherwise. Consequently,although the invention has been described with respect to exemplaryembodiments, it will be appreciated that the invention is intended tocover all modifications and equivalents within the scope of thefollowing claims.

The present invention may be implemented with any combination ofhardware and software. If implemented as a computer-implementedapparatus, the present invention is implemented using means forperforming all of the steps and functions described above.

The present invention can be included in an article of manufacture(e.g., one or more computer program products) having, for instance,computer useable media. The media has embodied therein, for instance,computer readable program code means for providing and facilitating themechanisms of the present invention. The article of manufacture can beincluded as part of a computer system or sold separately.

It will be appreciated by those skilled in the art that changes could bemade to the embodiments described above without departing from the broadinventive concept thereof. It is understood, therefore, that thisinvention is not limited to the particular embodiments disclosed, but itis intended to cover modifications within the spirit and scope of thepresent invention as defined by the appended claims.

What is claimed is:
 1. A method of authenticating account owners, themethod comprising: receiving, at a database server, a plurality ofparticipant files, wherein the plurality of participant files comprisingat least one participant file from each of plurality of participant datasources, wherein, the plurality of participant files from the pluralityof participant data sources containing current and accurate informationof the account owners: each participant file of the plurality ofparticipant files comprises two or more participant data elements, eachparticipant data element of the two or more participant data elementscomprises participant data values including a participant accountidentifier that corresponds to one of a plurality of participantaccounts maintained for one of the account owners and includingparticipant account owner details that correspond to personallyidentifiable information about a corresponding account owner, and eachparticipant data element of the two or more participant data elements ina particular participant file from a particular participant data sourcecorresponding to a participant account maintained by the particularparticipant data source; extracting, at the database server, theparticipant data values from the two or more participant data elementsfrom each of the plurality of participant files; storing, by thedatabase server, the participant data values extracted from the two ormore participant data elements from each of the plurality of participantfiles in an account owner authentication database, wherein the accountowner authentication database comprises a plurality of data elementfields, and wherein each of the participant data values extractedcorresponds to one of the plurality of data element fields; periodicallyand automatically receiving, by the database server, a plurality ofupdated participant files, wherein the plurality of updated participantsfiles comprising at least one updated participant file from each of theplurality of participant data sources, each updated participant filecomprising at least one updated participant data element from aplurality of updated participant data elements; in response to receivingthe plurality of updated participant files, refreshing, by the databaseserver, the account owner authentication database with the plurality ofupdated participant data elements; wherein each updated participant fileof the plurality of updated participant files is provided in apredetermined format to the database server on a predetermined schedule,the method further comprising: receiving at the database server, aplurality of non-participant files, the plurality of non-participantfiles comprising at least one non-participant file from each of aplurality of non-participant data sources, wherein, the plurality ofnon-participant files from the plurality of non-participant data sourcescontaining information that are not current and accurate about theaccount owners: each non-participant file of the plurality ofnon-participant files comprises two or more non-participant dataelements, each of the two or more non-participant data elementscomprises non-participant data values including a non-participantaccount identifier that corresponds to one of a plurality ofnon-participant accounts maintained for one of the account owners andincluding non-participant account owner details that correspond topersonally identifiable information about a corresponding account owner,and each of the two or more non-participant data elements in aparticular non-participant file from a particular non-participant datasource corresponding to a particular non-participant account maintainedby the particular non-participant data source; extracting, at thedatabase server, the non-participant data values from the two or morenon-participant data elements from each of the plurality ofnon-participant files; storing, by the database server, thenon-participant data values extracted from the two or morenon-participant data elements from each of the plurality ofnon-participant files in the account owner authentication database,wherein each of the non-participant data values extracted corresponds toone of the plurality of data element fields, wherein the plurality ofdata element fields comprises a non-participant flag field, and whereineach non-participant data element comprises a row in a table of theaccount owner authentication database having an indicator in thenon-participant flag field, sporadically receiving, by the databaseserver, at least one updated non-participant file from at least onenon-participant data source, the at least one updated non-participantfile comprising at least one updated non-participant data element,wherein the at least one updated non-participant data element is notprovided in the predetermined format; in response to receiving the atleast one updated non-participant file, refreshing, by the databaseserver, the account owner authentication database with the at least oneupdated non-participant data element; receiving, at the database servera request for authentication of an account owner from an inquirer, therequest comprising at least an account identifier and a data value; inresponse to receiving the request, searching the account ownerauthentication database to determine whether a match is found for theaccount identifier and the data value received; upon a match is foundfor both the account identifier and the data value, transmitting aresponse to the inquirer indicating a match is determined; upon a matchis not found for at least one of the account identifier and the datavalue, transmitting a response to the inquirer indicating a match is notdetermined; and wherein the responses do not provide any accountowner-specific data to the inquirer.
 2. The method of authenticatingaccount owners of claim 1, wherein the plurality of data element fieldscomprise an account number field, an account type field, and an accountholder name field.
 3. The method of authenticating account owners ofclaim 1, wherein each of the plurality of participant data sources isrequired to provide a set of participant data elements corresponding toa predefined set of data element fields for each participant accountidentifier.
 4. The method of authenticating account owners of claim 3,wherein each of the plurality of non-participant data sources is notrequired to provide a set of non-participant data elements correspondingto the predefined set of data element fields for each non-participantaccount identifier.
 5. The method of authenticating account owners ofclaim 1, wherein a first non-participant data source of the plurality ofnon-participant data sources provides non-participant data elements froma plurality of check images corresponding to a plurality of checks,wherein each check of the plurality of checks comprises non-participantdata elements corresponding to non-participant account identifiers. 6.The method of authenticating account owners of claim 1, furthercomprising: organizing the account owner authentication databaseaccording to the plurality of participant accounts and the plurality ofnon-participant accounts, wherein each of the participant accounts andnon-participant accounts correspond to an account number.
 7. The methodof authenticating account owners of claim 6, wherein each of theplurality of participant accounts and non-participant accounts has anassociated routing transit number, and wherein organizing the accountowner authentication database is further according to the associatedrouting transit number.
 8. The method of authenticating account ownersof claim 1, further comprising: when the account identifier matches witha first participant account of the plurality of participant accounts,and the data value does not match with any participant data value storedin the account owner authentication database, transmitting a notice to acorresponding participant data source that provided the firstparticipant account which matches the account identifier, the noticeindicating that an inquiry of the first participant account resulted inno match.
 9. A system for authenticating account owners, the systemcomprising: one or more processors; and a memory communicatively coupledwith and readable by the one or more processors and having storedtherein processor-readable instructions which, when executed by the oneor more processors, cause the one or more processors to: receive aplurality of participant files, wherein the plurality of participantfiles comprising at least one participant file from each of a pluralityof participant data sources, wherein, the plurality of participant filesfrom the plurality of participant data sources containing current andaccurate information of the account owners: each participant file of theplurality of participant files comprises two or more participant dataelements, each participant data element of the two or more participantdata elements comprises participant data values including a participantaccount identifier that corresponds to one of a plurality of participantaccounts maintained for one of the account owners and includingparticipant account owner details that correspond to personallyidentifiable information about a corresponding account owner, and eachparticipant data element of the two or more participant data elements ina particular participant file from a particular participant data sourcecorresponding to a participant account maintained by the particularparticipant data source; extract the participant data values from thetwo or more participant data elements from each of the plurality ofparticipant files; store the participant data values extracted from thetwo or more participant data elements from each of the plurality ofparticipant files in an account owner authentication database, whereinthe account owner authentication database comprises a plurality of dataelement fields, and wherein each of the participant data valuesextracted corresponds to one of the plurality of data element fields;periodically and automatically receive a plurality of updatedparticipant files, wherein the plurality of updated participants filescomprising at least one updated participant file from each of theplurality of participant data sources, each updated participant filecomprising at least one updated participant data element from aplurality of updated participant data elements; in response to receivingthe plurality of updated participant files, refresh the account ownerauthentication database with the plurality of updated participant dataelements; wherein each updated participant file of the plurality ofupdated participant files is provided in a predetermined format to adatabase server on a predetermined schedule, and wherein theprocessor-readable instructions further cause the one or more processorsto: receive a plurality of non-participant files, the plurality ofnon-participant files comprising at least one non-participant file fromeach of a plurality of non-participant data sources, wherein, theplurality of non-participant files from the plurality of non-participantdata sources containing information that are not current and accurateabout the account owners: each non-participant file of the plurality ofnon-participant files comprises two or more non-participant dataelements, each of the two or more non-participant data elementscomprises non-participant data values including a non-participantaccount identifier that corresponds to one of a plurality ofnon-participant accounts maintained for one of the account owners andincluding non-participant account owner details that correspond topersonally identifiable information about a corresponding account owner,and each of the two or more non-participant data elements in aparticular non-participant file from a particular non-participant datasource corresponding to a particular non-participant account maintainedby the particular non-participant data source; extract thenon-participant data values from the two or more non-participant dataelements from each of the plurality of non-participant files; store thenon-participant data values extracted from the two or morenon-participant data elements from each of the plurality ofnon-participant files in the account owner authentication database,wherein each of the non-participant data values extracted corresponds toone of the plurality of data element fields, wherein the plurality ofdata element fields comprises a non-participant flag field, and whereineach non-participant data element comprises a row in a table of theaccount owner authentication database having an indicator in thenon-participant flag field, irregularly receive at least one updatednon-participant file from at least one non-participant data source, theat least one updated non-participant file comprising at least oneupdated non-participant data element, wherein the at least one updatednon-participant data element is not provided in the predeterminedformat; in response to receiving the at least one updatednon-participant file, refreshing, by the database server, the accountowner authentication database with the at least one updatednon-participant data element; receive a request for authentication of anaccount owner from an inquirer, the request comprising at least anaccount identifier and a data value; in response to receiving therequest, searching the account owner authentication database todetermine whether a match is found for the account identifier and thedata value received; upon a match is found for both the accountidentifier and the data value, transmitting a response to the inquirerindicating a match is determined; upon a match is not found for at leastone of the account identifier and the data value, transmitting aresponse to the inquirer indicating a match is not determined; andwherein the responses do not provide any account owner-specific data tothe inquirer.
 10. The system for authenticating account owners of claim9, wherein each of the plurality of participant data sources is requiredto provide a set of participant data elements corresponding to apredefined set of data element fields for each participant accountidentifier.
 11. The system for authenticating account owners of claim 9,wherein each of the plurality of participant data sources is required toprovide a set of participant data elements corresponding to a predefinedset of data element fields for each participant account identifier, andwherein each of the plurality of non-participant data sources are notrequired to provide a set of non-participant data elements correspondingto the predefined set of data element fields for each non-participantaccount identifier.
 12. A computer-readable memory device having storedthereon processor-readable instructions which, when executed by one ormore processors, cause the one or more processors to: receive aplurality of participant files, wherein the plurality of participantfiles comprising at least one participant file from each of a pluralityof participant data sources, wherein, the plurality of participant filesfrom the plurality of participant data sources containing current andaccurate information of account owners: each participant file of theplurality of participant files comprises two or more participant dataelements, each participant data element of the two or more participantdata elements comprises participant data values including a participantaccount identifier that corresponds to one of a plurality of participantaccounts maintained for one of the account owners and includingparticipant account owner details that correspond to personallyidentifiable information about a corresponding account owner, and eachparticipant data element of the two or more participant data elements ina particular participant file from a particular participant data sourcecorresponding to a participant account maintained by the particularparticipant data source; extract the participant data values from thetwo or more participant data elements from each of the plurality ofparticipant files; store the participant data values extracted from thetwo or more participant data elements from each of the plurality ofparticipant files in an account owner authentication database, whereinthe account owner authentication database comprises a plurality of dataelement fields, and wherein each of the participant data valuesextracted corresponds to one of the plurality of data element fields;periodically and automatically receive a plurality of updatedparticipant files, wherein the plurality of updated participants filescomprising at least one updated participant file from each of theplurality of participant data sources, each updated participant filecomprising at least one updated participant data element from aplurality of updated participant data elements; in response to receivingthe plurality of updated participant files, refresh the account ownerauthentication database with the plurality of updated participant dataelements; wherein each updated participant file of the plurality ofupdated participant files is provided in a predetermined format to adatabase server on a predetermined schedule, and wherein theprocessor-readable instructions further cause the one or more processorsto: receive a plurality of non-participant files, the plurality ofnon-participant files comprising at least one non-participant file fromeach of a plurality of non-participant data sources, wherein, theplurality of non-participant files from the plurality of non-participantdata sources containing information that are not current and accurateabout the account owners: each non-participant file of the plurality ofnon-participant files comprises two or more non-participant dataelements, each of the two or more non-participant data elementscomprises non-participant data values including a non-participantaccount identifier that corresponds to one of a plurality ofnon-participant accounts maintained for one of the account owners andincluding non-participant account owner details that correspond topersonally identifiable information about a corresponding account owner,and each of the two or more non-participant data elements in aparticular non-participant file from a particular non-participant datasource corresponding to a particular non-participant account maintainedby the particular non-participant data source; extract thenon-participant data values from the two or more non-participant dataelements from each of the plurality of non-participant files; store thenon-participant data values extracted from the two or morenon-participant data elements from each of the plurality ofnon-participant files in the account owner authentication database,wherein each of the non-participant data values extracted corresponds toone of the plurality of data element fields, wherein the plurality ofdata element fields comprises a non-participant flag field, and whereineach non-participant data element comprises a row in a table of theaccount owner authentication database having an indicator in thenon-participant flag field, irregularly receive at least one updatednon-participant file from at least one non-participant data source, theat least one updated non-participant file comprising at least oneupdated non-participant data element, wherein the at least one updatednon-participant data element is not provided in the predeterminedformat; in response to receiving the at least one updatednon-participant file, refreshing, by the database server, the accountowner authentication database with the at least one updatednon-participant data element; receive a request for authentication of anaccount owner from an inquirer, the request comprising at least anaccount identifier and a data value; in response to receiving therequest, searching the account owner authentication database todetermine whether a match is found for the account identifier and thedata value received; upon a match is found for both the accountidentifier and the data value, transmitting a response to the inquirerindicating a match is determined; upon a match is not found for at leastone of the account identifier and the data value, transmitting aresponse to the inquirer indicating a match is not determined; andwherein the responses do not provide any account owner-specific data tothe inquirer.
 13. The computer-readable memory device of claim 12,wherein each of the plurality of participant data sources are requiredto provide a set of participant data elements corresponding to apredefined set of data element fields for each participant accountidentifier, and wherein each of the plurality of non-participant datasources are not required to provide a set of non-participant dataelements corresponding to the predefined set of data element fields foreach non-participant account identifier.